securing+hardening network/server

I am looking at starting my own Windows server. I am concerned about the security, because I know once I open the server up to the outside, I am vulnerable to attack. I am partially familiar with OpenVPN, OpenSSL, SSH, and DMZ, but am not sure how to tie this all together, and what the best method to harden and secure the network/server is. Can anyone give advice or recommend any good tutorials or reading material on this?

Just curious -- why would you make the server available on the Internet? Unless it's hosting a service that outside users need to access, or you need to manage it remotely, you shouldn't make it visible to anyone outside the internal network.

If you need to manage it remotely, best bet is to set up a VPN to tunnel into your LAN. If you are hosting a service on it that others need to access, put it in the DMZ and isolate it from the rest of your LAN. If you don't need to do any of this, just make sure your firewall is good and secure.

So it's just a file server, not a domain controller?

Are these users on your local network, or are they external users? If they are outside your network, how will they access the data, and how will they authenticate?

Correct. They will be external. What would be the best, secure method to have them access these financial documents?

There is no real "best" answer. How you configure all this depends on how the external users are going to authenticate. If you are responsible for the usernames and passwords they will use, you can configure the Routing and Remote Access Service on the server and set up a VPN. Or you could set it up as an FTP server, using either SSL/TLS or SSH to secure the connection. Or, depending on the server OS you are using, you could enable Remote Desktop Web Access or RDP, again making sure to use only secure, encrypted connections.

If you aren't responsible for creating and maintaining the usernames and passwords, you could set up some sort of federation and allow the external users to access the files through a web browser.

In any event, you will want to create some sort of proxy in your DMZ that will route access to the Quicken file server, which should be sitting behind your firewall.

Those aren't very specific answers, but I don't really have enough info about your configuration to provide more details. Hope this helps.